CVE-2023-24999: Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
First published: Fri Mar 10 2023(Updated: )
A flaw was found in the Hashicorp vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of another role by providing the secret ID accessor.
Credit: security@hashicorp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | <1.10.11 | |
| HashiCorp Vault | <1.10.11 | |
| HashiCorp Vault | >=1.11.0<1.11.8 | |
| HashiCorp Vault | >=1.11.0<1.11.8 | |
| HashiCorp Vault | >=1.12.0<1.12.4 | |
| HashiCorp Vault | >=1.12.0<1.12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
- https://security.netapp.com/advisory/ntap-20230505-0001/
- https://access.redhat.com/errata/RHSA-2023:3742
- https://access.redhat.com/security/cve/cve-2023-24999
- https://bugzilla.redhat.com/show_bug.cgi?id=2177844
- https://www.cve.org/CVERecord?id=CVE-2023-24999 https://nvd.nist.gov/vuln/detail/CVE-2023-24999 https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
Frequently Asked Questions
What is CVE-2023-24999?
CVE-2023-24999 is a vulnerability found in Hashicorp Vault that allows authenticated users to destroy the secret ID of any role.
What is the severity of CVE-2023-24999?
CVE-2023-24999 has a severity rating of 8.1, which is considered high.
How does CVE-2023-24999 affect Hashicorp Vault?
CVE-2023-24999 affects Hashicorp Vault and Vault Enterprise's approle auth method.
How can I fix CVE-2023-24999?
To fix CVE-2023-24999, update your version of Vault to 1.13.0, 1.12.4, 1.11.8, 1.10.11 or above.
Where can I find more information about CVE-2023-24999?
You can find more information about CVE-2023-24999 at the following references: [Hashicorp Discuss](https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305), [Red Hat Errata](https://access.redhat.com/errata/RHSA-2023:3742), [Red Hat Security Advisory](https://access.redhat.com/security/cve/cve-2023-24999).
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-24999
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/description
- agent/severity
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.11.0
- version/hashicorp vault/1.12.0
- package-manager/redhat